lan-quil
/
shareable-drafts
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Update traefik with secrets.

This commit is contained in:
Sandro Pratesi 2022-10-24 22:47:42 +02:00
parent cfa6eac308
commit 2de4849816
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
traefik/docker-compose.yaml
View File

@ -8,6 +8,12 @@ networks:
proxy: proxy:
external: true external: true
secrets:
cloudflare_account_email_address:
file: /srv/secrets/traefik/email
cloudflare_dns_api_token:
file: /srv/secrets/traefik/token
services: services:
reverse-proxy: reverse-proxy:
container_name: traefik container_name: traefik
@ -20,6 +26,9 @@ services:
# Use the public network created to be shared between Traefik and # Use the public network created to be shared between Traefik and
# any other service that needs to be publicly available with HTTPS # any other service that needs to be publicly available with HTTPS
- proxy - proxy
secrets:
- cloudflare_account_email_address
- cloudflare_dns_api_token
command: command:
- --providers.docker # Enable Docker in Traefik, so that it reads labels from Docker services - --providers.docker # Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker.exposedbydefault=false # Do not expose all Docker services, only the ones explicitly exposed - --providers.docker.exposedbydefault=false # Do not expose all Docker services, only the ones explicitly exposed
@ -31,7 +40,6 @@ services:
# Set up LetsEncrypt # Set up LetsEncrypt
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
- --certificatesresolvers.letsencrypt.acme.email=${EMAIL_ADDRESS}
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
# Set up an insecure listener that redirects all traffic to TLS # Set up an insecure listener that redirects all traffic to TLS
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
@ -49,12 +57,13 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro # Add Docker as a mounted volume, so that Traefik can read the labels of other services - /var/run/docker.sock:/var/run/docker.sock:ro # Add Docker as a mounted volume, so that Traefik can read the labels of other services
- /srv/volumes/letsencrypt:/letsencrypt - /srv/volumes/letsencrypt:/letsencrypt
environment: environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_ACCOUNT_EMAIL_ADDRESS} CLOUDFLARE_EMAIL_FILE: /run/secrets/cloudflare_account_email_address
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_TOKEN_GOES_HERE} CLOUDFLARE_DNS_API_TOKEN_FILE: /run/secrets/cloudflare_dns_api_token
# https://go-acme.github.io/lego/dns/cloudflare/
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.dashboard.service=api@internal - traefik.http.routers.dashboard.service=api@internal # TODO: not working
- traefik.http.routers.dashboard.rule=Host(`traefik.889217.xyz`) - traefik.http.routers.dashboard.rule=Host(`traefik.golem.linux.it`)
- traefik.http.routers.dashboard.entrypoints=websecure - traefik.http.routers.dashboard.entrypoints=websecure
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
healthcheck: healthcheck: